

#!/bin/bash

# 实验三：Linux文件、用户和组、权限管理
# 所有函数都按照实验要求实现

# 1. 生成一系列文件
s1_generate_a_series_of_files() {
    for i in $(seq 1 100); do
        filename="/tmp/new_file$i"
        echo -n "$i" > "$filename" || return 1
        if [ ! -s "$filename" ]; then
            echo "Error: Failed to create $filename" >&2
            return 1
        fi
    done
}

# 2. 列出与账户和组相关的4个文件的长格式信息
s2_list_4_files_in_long_format_about_account_and_group() {
    ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
}

# 3. 查找给定用户名的相关条目
s3_find_items_related_to_given_username() {
    local username="$1"
    if [ -z "$username" ]; then
        echo "错误：请提供用户名作为参数" >&2
        return 1
    fi
    (grep "^$username:" /etc/passwd 2>/dev/null || true) | head -1
    (grep "^$username:" /etc/shadow 2>/dev/null || true) | head -1
}

# 4. 查找给定组名的相关条目
s4_find_items_related_to_given_group_name() {
    local groupname="$1"
    if [ -z "$groupname" ]; then
        echo "错误：请提供组名作为参数" >&2
        return 1
    fi
    (grep "^$groupname:" /etc/group 2>/dev/null || true) | head -1
    (grep "^$groupname:" /etc/gshadow 2>/dev/null || true) | head -1
}

# 5. 创建指定的组
s5_create_groups_for_given_group_names() {
    local groups=("rnd" "itoperation")
    
    for g in "${groups[@]}"; do
        if ! getent group "$g" >/dev/null 2>&1; then
            groupadd "$g" || return 1
            echo "已创建组：$g"
        else
            echo "组 $g 已存在"
        fi
    done
}

# 6. 创建用户并设置组
s6_create_users_and_set_their_group_as_required() {
    local users=("adam" "bob" "calvin" "david" "edward")
    
    for u in "${users[@]}"; do
        if ! id "$u" >/dev/null 2>&1; then
            useradd -m "$u" || return 1
            echo "已创建用户：$u"
        else
            echo "用户 $u 已存在"
        fi
    done
    
    # 设置附加组
    usermod -aG rnd adam || return 1
    usermod -aG rnd bob || return 1
    usermod -aG rnd edward || return 1
    usermod -aG itoperation calvin || return 1
    usermod -aG itoperation david || return 1
}

# 7. 更改用户shell为sh
s7_change_users_shell() {
    local users=("adam" "edward")
    local shell="/usr/bin/sh"
    
    for u in "${users[@]}"; do
        if id "$u" >/dev/null 2>&1; then
            if ! usermod -s "$shell" "$u" >/dev/null 2>&1; then
                echo "错误：无法更改 $u 的shell" >&2
                return 1
            fi
            if [ "$(getent passwd "$u" | cut -d: -f7)" != "$shell" ]; then
                echo "错误：$u 的shell未成功更改" >&2
                return 1
            fi
        else
            echo "错误：用户 $u 不存在" >&2
            return 1
        fi
    done
}

# 8. 设置密码策略
s8_set_password_change_policy() {
    local users=("adam" "bob" "calvin" "david" "edward")
    
    for u in "${users[@]}"; do
        if id "$u" >/dev/null 2>&1; then
            chage -m 10 -M 60 -W 10 "$u" || return 1
            echo "已为用户 $u 设置密码策略"
        else
            echo "用户 $u 不存在，跳过设置" >&2
        fi
    done
}

# 9. 为五个用户设置密码
s9_set_password_for_five_users() {
    if [ $# -ne 5 ]; then
        echo "错误：需要提供5个密码参数" >&2
        echo "用法：$0 $FUNCNAME 密码1 密码2 密码3 密码4 密码5" >&2
        return 1
    fi
    
    local users=("adam" "bob" "calvin" "david" "edward")
    local passwords=("$@")
    
    # 创建临时文件
    local temp_file=$(mktemp) || return 1
    trap 'rm -f "$temp_file"' EXIT
    
    for i in "${!users[@]}"; do
        if id "${users[$i]}" >/dev/null 2>&1; then
            echo "${users[$i]}:${passwords[$i]}" >> "$temp_file" || return 1
        else
            echo "用户 ${users[$i]} 不存在，跳过密码设置" >&2
        fi
    done
    
    if [ -s "$temp_file" ]; then
        chpasswd < "$temp_file" || return 1
        echo "密码设置完成"
    else
        echo "没有有效用户需要设置密码" >&2
        return 1
    fi
}

# 10. 锁定Bob的密码
s10_lock_bobs_password() {
    if id bob >/dev/null 2>&1; then
        passwd -l bob || return 1
        echo "已锁定Bob的密码"
    else
        echo "用户 bob 不存在" >&2
        return 1
    fi
}

# 11. 将Adam加入wheel组
s11_include_adam_into_wheel_group() {
    if id adam >/dev/null 2>&1; then
        if ! getent group wheel >/dev/null 2>&1; then
            groupadd wheel || return 1
        fi
        usermod -aG wheel adam || return 1
        echo "已将Adam加入wheel组"
    else
        echo "用户 adam 不存在" >&2
        return 1
    fi
}

# 12. 更改文件权限
s12_change_files_permission() {
    local perm="640"
    local selinux_ref="/etc/passwd"
    
    for i in $(seq 3 3 100); do
        filename="/tmp/new_file$i"
        if [ -f "$filename" ]; then
            chmod "$perm" "$filename" || return 1
            chcon --reference="$selinux_ref" "$filename" 2>/dev/null || true
            if [ "$(stat -c %a "$filename")" != "$perm" ]; then
                echo "错误：权限设置失败 $filename" >&2
                return 1
            fi
        else
            echo "错误：文件 $filename 不存在" >&2
            return 1
        fi
    done
}

# 主函数，用于交互式测试
main() {
    echo "=== Linux文件、用户和组、权限管理实验 ==="
    
    # 执行所有功能
    s1_generate_a_series_of_files || return 1
    s2_list_4_files_in_long_format_about_account_and_group || return 1
    s3_find_items_related_to_given_username "root" || return 1
    s4_find_items_related_to_given_group_name "root" || return 1
    s5_create_groups_for_given_group_names || return 1
    s6_create_users_and_set_their_group_as_required || return 1
    s7_change_users_shell || return 1
    s8_set_password_change_policy || return 1
    s9_set_password_for_five_users "pass1" "pass2" "pass3" "pass4" "pass5" || return 1
    s10_lock_bobs_password || return 1
    s11_include_adam_into_wheel_group || return 1
    s12_change_files_permission || return 1
    
    echo -e "\n=== 实验完成 ==="
}

# 处理命令行参数
case "${1:-}" in
    s1_generate_a_series_of_files)
        s1_generate_a_series_of_files
        ;;
    s2_list_4_files_in_long_format_about_account_and_group)
        s2_list_4_files_in_long_format_about_account_and_group
        ;;
    s3_find_items_related_to_given_username)
        s3_find_items_related_to_given_username "$2"
        ;;
    s4_find_items_related_to_given_group_name)
        s4_find_items_related_to_given_group_name "$2"
        ;;
    s5_create_groups_for_given_group_names)
        s5_create_groups_for_given_group_names
        ;;
    s6_create_users_and_set_their_group_as_required)
        s6_create_users_and_set_their_group_as_required
        ;;
    s7_change_users_shell)
        s7_change_users_shell
        ;;
    s8_set_password_change_policy)
        s8_set_password_change_policy
        ;;
    s9_set_password_for_five_users)
        shift
        s9_set_password_for_five_users "$@"
        ;;
    s10_lock_bobs_password)
        s10_lock_bobs_password
        ;;
    s11_include_adam_into_wheel_group)
        s11_include_adam_into_wheel_group
        ;;
    s12_change_files_permission)
        s12_change_files_permission
        ;;
    "")
        main
        ;;
    *)
        echo "用法: $0 {函数名} [参数]"
        echo "可用函数:"
        echo "  s1_generate_a_series_of_files"
        echo "  s2_list_4_files_in_long_format_about_account_and_group"
        echo "  s3_find_items_related_to_given_username [用户名]"
        echo "  s4_find_items_related_to_given_group_name [组名]"
        echo "  s5_create_groups_for_given_group_names"
        echo "  s6_create_users_and_set_their_group_as_required"
        echo "  s7_change_users_shell"
        echo "  s8_set_password_change_policy"
        echo "  s9_set_password_for_five_users [密码1] [密码2] [密码3] [密码4] [密码5]"
        echo "  s10_lock_bobs_password"
        echo "  s11_include_adam_into_wheel_group"
        echo "  s12_change_files_permission"
        exit 1
        ;;
esac
